
Information Security Risk Management

Location: Celina, TX
Posted: February 04, 2025


Resume:

SENIOR INFORMATION TECHNOLOGY LEADER

INFORMATION SECURITY GOVERNANCE RISK COMPLIANCE A.I. BLOCKCHAIN

Governance, Risk Management & Compliance (GRC)

Information Security and Privacy

Vendor Management/Contract Negotiation

Risk Assessments / Control Design

Business Continuity Planning / Disaster Recovery

Third Party Cybersecurity Risk Management TPCRM

Program/Project Leadership

Cross-functional Team Development and Leadership

Acquisitions and Divestiture security reviews

Audit Remediation: SOX, HIPAA, HITRUST, PCI, GLBA and Federal Regulations (FISMA, NIST)

Blockchain, A.I., Web3

ACCOMPLISHMENTS

Created and implemented a Cybersecurity program including Governance, policies, controls, and standards.

Initiated a Risk Management program including identification, prioritization, and mitigation of known risks.

Achieved Compliance with financial and healthcare industry standard frameworks including third parties.

Applied new technologies including Blockchain and A.I. to potential case studies for improved efficiencies.

PROFESSIONAL RECOGNITION

On the Spot Award for Information Security area representation at Symposium event at State Farm.

Awarded outstanding achievement for disaster recovery exercise at HMS.

Multiple recognition events for outstanding achievements at various companies.

EDUCATION

UTD - University of Texas at Dallas: BS, Business Administration

UCLA – University of California, Los Angeles: Blockchain Technology Management Certificate

Blockchain Training Alliance: Enterprise Training

CURRENT CERTIFICATIONS

CRISC (Certified in Risk and Information Systems Control)

CISSP (Certified Information Systems Security Professional)

CISM (Certified Information Security Manager)

CISA (Certified Information Systems Auditor)

BTA Certified Blockchain Business Foundations

BTA Certified Blockchain Solution Architect

BTA Certified Blockchain Security Professional

BTA Certified Blockchain Project Manager

COURSES

Blockchain Solutions, Governance and Collaboration

Digital Transformation: Blockchain, IoT, AI, and Trusted Data

Fundamentals of Blockchain Technology

Blockchain Cryptocurrency Applications in Business and Finance

NFT Foundations (Non-Fungible Token training)

DAO Fundamentals (Decentralized Autonomous Organization training)

HITRUST CCSFP Certified Common Security Framework Practitioner

National Institute of Standards and Technology (NIST), Dept. of the Treasury Financial Management Service

Advanced IT Auditing Training; Auditing Practices Training, Information Systems Audit and Control Assoc. (ISACA)

Privacy and Information Security Training, International Association of Privacy Professionals (IAPP)

EXPERIENCE

PNC Bank / SSi People IT Third Party Security Manager 2024 – 2025

FINANCIAL INDUSTRY Remote, TX

Led third-party Security Assurance activities including vendor risk assessments.

Validated that technology and security controls are in place and operationally solid.

Consulted on defining third party security policies and best practices.

Independently managed multiple assessments to completion within SLA, including Due Diligence Questionnaires, conducting remote assessment interviews, creating remediations, etc.

Bank of America / Akkodis IT Project Manager GRC 2024 – 2024

FINANCIAL INDUSTRY Plano, TX

Managed projects for client Bank of America.

Execute, review, and analyze identified control deficiencies to drive remediation and implement best practices.

Perform Cybersecurity assessments on vendors to ensure minimum security requirements are met.

Coordinate internal audits and technology compliance and operational reviews within Global Technology.

MTY Group IT GRC Manager / Project Manager 2021 – 2023

HOSPITALITY INDUSTRY Remote, TX

Implemented and maintained cybersecurity controls framework mapped to NIST CSF, CIS and PCI DSS.

Created Information Security Policy with supporting standards and processes for company-wide rollout.

Developed Third-Party Risk Management program including people, process, technology, and assessments, and maintained a risk register.

USAA Senior Risk Management Analyst 2019 – 2021

FINANCIAL AND INSURANCE INDUSTRY Plano, TX

Performed Second Line of Defense functions by overseeing/monitoring risk management policies and processes.

Provided independent challenge/oversight/review of First Line Defense execution of risk management activities.

Prioritized $1.2 billion modernization program risk management coverage plan implementation roadmap.

7-Eleven Third Party Risk Manager 2019 – 2019

HOSPITALITY INDUSTRY Irving, TX

Implemented assessment process and metrics for identifying and reporting on third parties.

Evaluated security posture of third-party vendors and partners to ensure proper data hygiene.

Reviewed and approved requests from procurement to initiate new vendor relationships based on data security.

Brinks Information Security Risk Manager 2018 – 2018

FINANCIAL INDUSTRY Coppell, TX

Led policy review, management, and consolidation of internal and third-party partners.

Provided assurance and evidence of security controls during customer audits / assessments.

Reviewed risk management processes and collaboration to ensure exposure is aligned with risk appetite.

Toyota Cybersecurity Leader 2017 – 2018

FINANCIAL AND AUTOMOTIVE MANUFACTURING INDUSTRY Plano, TX

Performed risk assessments on Third Parties and ongoing projects, solutions, and implementations.

Examined emerging technologies and scrutinized possible implementation risks and rewards.

Managed policy exceptions and tracked them to ensure remediation.

Bank of America Information Security 2016 – 2017

FINANCIAL INDUSTRY Addison, TX

Advised business units on Cybersecurity controls using security framework and tracked remediation.

Reviewed Third-Party vendor security solutions for compliance with Bank policies and guidelines.

Coordinated with vendor managers and assessors on security solution implementation.

State Farm Information Security Risk Analyst 2015 – 2016

FINANCIAL AND INSURANCE INDUSTRY Richardson, TX

Applied industry standard risk management techniques to ongoing projects in application security.

Promoted security engagement through knowledge transfer and awareness.

Delivered risk reducing strategies to project teams via end-to-end security solution design.

HMS (Acquired by Gainwell Technologies) Information Security Analyst 2013 – 2015

HEALTHCARE INDUSTRY Irving, TX

Led HITRUST implementation to ensure protection of electronic Protected Health Information (ePHI).

Conducted Vendor Risk management assessments based on industry standards (HIPAA, HITECH, HITRUST).

Created and presented security awareness road show to promote Information Security knowledge sharing.

GE Capital IT Leader – Information Security 2011 – 2012

FINANCIAL INDUSTRY Irving, TX

Led security initiatives for acquisitions and divestitures including architecture review and policy gap analysis.

Initiated and implemented security awareness program in the Dallas area facilities.

Served as consultant for business projects to ensure regulatory compliance and security issues are identified.

Federal Reserve Bank of Dallas Information Security and Audit Manager 2010 – 2011

FINANCIAL INDUSTRY Dallas, TX

Addressed key federal regulations, including Federal Information Security Management Act (FISMA) and National Institute of Standards and Technology (NIST) through continual updates to all policy documentation.

Provided assurance of all aspects of Information Security for extremely large financial environment including identification of risks and security weakness remediation.

Ensured IT System failover plans were carried out and tested, as a continuity review board member.

Led Enterprise Security Management, Policy Management and Access Management teams.

Alliance Data Senior Information Security and Risk Analyst 2005 – 2009

FINANCIAL INDUSTRY Dallas, TX

Advised senior executive and management teams on risk management, and compliance planning and reporting.

Created baseline requirements to promote stringent and thorough adherence to Sarbanes-Oxley (SOX), PCI, GLBA and internal security policies.

Championed, developed, and implemented policy mapping mechanism, enabling improved regulatory compliance efficiency.

Children’s Medical Center Senior Information Security Technician 2004 – 2005

HEALTHCARE INDUSTRY Dallas, TX

Performed risk assessments and impact analyses for business units throughout hospital.

Provided guidance to ensure compliance with security standards and served as subject matter expert on large-scale projects, resulting in successful implementation of mission-critical applications.

Developed security policy and procedures to bring hospital into compliance with HIPAA.


